Now you can only authenticate with SSH keys and authenticating with passwords is disabled. To set up a public and private key I'd refer you to the following documentation.

Additionally you can also restrict which accounts can login over SSH and for example only allow one specific user (which can be different from your day-to-day account and can have a more secure password). You can do that right from the Sharing preference pane.

If you're looking for strong security over SSH, I recommend using key authentication. You have the option of assigning a password to a key. You can be the judge of how strong the password for your key needs to be. Remember, that a medium strength key password when the key yields stronger security than simple password authentication--assuming that you've properly secured your private key.